﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Permissions;
using System.Text;
using Kugar.Core.ExtMethod;

namespace Kugar.Core.Security
{
    /// <summary>
    ///     使用.Net原生安全机制进行函数调用时的授权检查
    /// </summary>
    public class PermissionCodeSecurityAuthorizeAttribute : CodeAccessSecurityAttribute
    {
        private string _permissionName;

        public PermissionCodeSecurityAuthorizeAttribute(SecurityAction action)
            : base(action)
        {
            //Role = role;
        }

        public string PermissionName
        {
            set { _permissionName = value; }
            get { return _permissionName; }
        }

        public override IPermission CreatePermission()
        {
            return new PermissionAuthorizePermission(_permissionName);
        }

    }

    internal class PermissionAuthorizePermission : IPermission, IUnrestrictedPermission
    {
        private string[] _permissionName = null;

        public PermissionAuthorizePermission(string permissionName)
        {
            _permissionName = permissionName.Split(',');
        }

        public  SecurityElement ToXml()
        {
            var t = new SecurityElement("Kugar");

            t.AddAttribute("Test", _permissionName.JoinToString(','));

            return t;
        }

        public void FromXml(SecurityElement elem)
        {
            var role = elem.Attributes["Test"].ToString();

            this._permissionName = role.Split(',');
        }

        public IPermission Copy()
        {
            return new PermissionAuthorizePermission(_permissionName.JoinToString(','));
        }

        public string[] PermissionName { get { return _permissionName; } }

        public IPermission Intersect(IPermission target)
        {
            return new PermissionAuthorizePermission("");
        }

        public bool IsSubsetOf(IPermission target)
        {
            //TODO:如果target为空,则判断当前用户是否包含Role权限,如果包含,返回true,如果不包含,抛出错误
            //如果target不为空,则检查当前用户是否包含target.role的权限,并且不抛出错误

            if (target==null)
            {
                return false;
            }

            if (target is PermissionAuthorizePermission)
            {
                var p = (PermissionAuthorizePermission) target;

                var rms = RMS_PermissionManager.Default;

                return rms.CurrentUserChecker.HasPermission(p.PermissionName);

                //return rms.PermissionChecker.HasPermission(rms.CurrentUserChecker.(), p.PermissionName);
            }
            else
            {
                return false;
            }
        }

        public bool IsUnrestricted()
        {
            return false;
        }


        public void Demand()
        {
            var rms = RMS_PermissionManager.Default;


            //var isContains = rms.PermissionChecker.HasPermission(rms.CurrentUserGetter(), _permissionName);
            var isContains = rms.CurrentUserChecker.HasPermission(_permissionName);

            if (!isContains)
            {
                throw new SecurityException("当前用户不包含必须的权限");
            }
        }

        public IPermission Union(IPermission target)
        {
            throw new NotImplementedException();
        }
    }
}
